gafgyt | ef41b244e082286231848befd143283cf4450244b59f596dae75f6dfaecc84a6 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d19d5fd8abceddd07506a18829f9dd0c_JaffaCakes118
Size

153KB
Sample

240907-lfjlpaxcmc
MD5

d19d5fd8abceddd07506a18829f9dd0c
SHA1

1fd4a6c0a4bbe058b946371e4b8220a32686648d
SHA256

ef41b244e082286231848befd143283cf4450244b59f596dae75f6dfaecc84a6
SHA512

298503de63cb355789770e7fc995fdf3d86280b2d77d1dabc2cc23f3a2a555ad7b4b0beb46676c2a4e37616bfe90662449309c6a1d1bd5f487cb2c06308af9e8
SSDEEP

3072:ndu1kGeNGYRXgVzj0YD56j3HyfiNTqLoJmAlh:nE1gXVgJ0M54HyfiNTqLoJmAlh

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

185.165.29.25:444

Targets

- Target
  
  d19d5fd8abceddd07506a18829f9dd0c_JaffaCakes118
- Size
  
  153KB
- MD5
  
  d19d5fd8abceddd07506a18829f9dd0c
- SHA1
  
  1fd4a6c0a4bbe058b946371e4b8220a32686648d
- SHA256
  
  ef41b244e082286231848befd143283cf4450244b59f596dae75f6dfaecc84a6
- SHA512
  
  298503de63cb355789770e7fc995fdf3d86280b2d77d1dabc2cc23f3a2a555ad7b4b0beb46676c2a4e37616bfe90662449309c6a1d1bd5f487cb2c06308af9e8
- SSDEEP
  
  3072:ndu1kGeNGYRXgVzj0YD56j3HyfiNTqLoJmAlh:nE1gXVgJ0M54HyfiNTqLoJmAlh
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1